CVE-2023-40022

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 24, 2023
Updated: Aug 30, 2023
CWE ID 190

Summary

CVE-2023-40022 is a vulnerability affecting Rizin, a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior contain an integer overflow issue in the `consume_count` function of `src/gnu_v2/cplus-dem.c`. Although the overflow check logic is correct, it fails to account for the modulus when dealing with non-multiple-of-ten counts. This oversight allows for unintended behavior, potentially leading to significant security implications. Rizin has addressed this vulnerability in version 0.6.1. Meanwhile, a temporary workaround involves disabling C++ demangling by setting the configuration option `bin.demangle=false`.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share